Hacked computer


  1. Posts : 2,800
    Windows 7 Pro
       #21

    Could you just post yours... or at least the hashes...

    You need to bring a little water to the mill here.

    I found only one non-MS Ctac on all our network and the machine seems unaffected. OK, we close a lot of things, so the virus could have been blocked at some point.

    But you never gave a single Reg key or any kind of trace that could be relied on or followed up on...

    In my situation I have to discard everything you "disclosed" about the problem until you bring serious proof of your allegations.


  2. Posts : 12
    All
       #22

    Update your browser to use Google Drive, Docs, Sheets, Sites, Slides, and Forms - Google Drive Help

    Those are pics of XMLs drawn from the reset process. The last two I uploaded are from a specialized.xml that redirects all online and offline resets to the same files.

    Hang on I'm chatting with Microsoft atm and I can show you the proof they just gave me.


  3. Posts : 920
    Windows 10 Pro
       #23

    I do not understand the point of this thread. You do not seem to be asking for help, just trying to prove you have been infected with malware that you keep re-infecting yourself with by using corrupted install media/methods.
    The json vulnerabilities have been known about for several years now and widely reported by tech news and virus tracking websites. If you have indeed been infected then instead of posting here about it you should be attempting to first obtain a known clean version of a Windows install so that you can check to see if you also have compromised firmware and checking any other devices you may have used with that system and/or shared with anyone else.
    Depending on how long you have had the suspected infection you have to assume that any devices you have connected to your system could also be compromised.
    Using Windows to perform a reset will not be sufficient as an infection could be lurking on your network devices, a hidden, or not easily user-viewable area, such as restore partitions, of your disks, any USB device you have previously used with the system etc. This is why you need to find a known clean install device, ideally read-only, remove all but the system drive, wipe all partitions down to a raw disk then install Windows (without a network connection) to see if you still get infected under those conditions.
    The json vulnerabilities can be used to install crypto miners, hijack crypto wallets, steal passwords/login info, relay keystrokes and give complete remote control over a system. The initial malware comes from all the usual sources: clicking unverified email links, downloading cracked/pirated films, games, apps, visiting non-secure websites and clicking links, and the latest ones were discovered in NPM packages (I mention these because you mentioned using Visual Studio so I assume you are a hobbyist developer, maybe).
    Bleepingcomputer.com has some very good write-ups of the json manipulation variants, their ingress methods and their timelines for anyone interested.
    So are you asking for help to remove an infection (if so you would be better off talking directly to someone at bleepingcomputer.com, Kaspersky etc.) or are you just trying to re-prove that the json vulnerabilities already known about actually exist?


  4. Posts : 12
    All
       #24

    Update your browser to use Google Drive, Docs, Sheets, Sites, Slides, and Forms - Google Drive Help

    I'm not able to get accurate hashing @MaloK for the files. The checksums have been shown to be scripted via a PowerShell script to different values. I'm in the process of uploading an ISO of my HD, otherwise I'd post pics. That link is a conversation about correct file sizes with Microsoft and a picture from a file I just dug from the system's root showing it turns the entire system's filesystem into an SMB server by action of the root with inbound data limits of 53 bytes per sec and outbound data limits at 54. No way in hell that is not malicious.

    I've deleted part of the code and force saved, hoping that since this file was on the HD and drawing from the root it will disable that aspect of things if I reset.


  5. Posts : 890
    10 Pro/11 Pro Dual Boot
       #25

    Pooflinger said:
    Update your browser to use Google Drive, Docs, Sheets, Sites, Slides, and Forms - Google Drive Help

    I'm not able to get accurate hashing @MaloK for the files. The checksums have been shown to be scripted via a PowerShell script to different values. I'm in the process of uploading an ISO of my HD, otherwise I'd post pics. That link is a conversation about correct file sizes with Microsoft and a picture from a file I just dug from the system's root showing it turns the entire system's filesystem into an SMB server by action of the root with inbound data limits of 53 bytes per sec and outbound data limits at 54. No way in hell that is not malicious.

    I've deleted part of the code and force saved, hoping that since this file was on the HD and drawing from the root it will disable that aspect of things if I reset.

    You took something the OP found as an update and ran with it. You've been asked a few times for proof and have given none, just more conspiracy and what-ifs.


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.